All-Seeing Eye or Blind Man? Understanding the Linux Kernel Auditing System
The Linux kernel auditing system provides powerful capabilities for monitoring system activity. While the auditing system is well documented, the manual pages, user guides, and much of the published writing on the audit system fail to provide guidance on the types of attacker-related activities...